Multiple RADIUS Handlers
18 views
Skip to first unread message
Colin Ryan
Nov 22, 2019, 2:27:33 PM11/22/19
to CAS Community
Folks,
I currently use my Radius infrastructure to handle multiple methods of
authentication by use of realms. However the real selections are
transparent the end users as I use various techniques to insert realm
identifiers into the users login ID on the fly. I.E. the user only ever
enters "bob" but behind the scenes the Radius server is presented with
"bob^(authmethod1)", "bob^(authmethod2)" etc etc, and more specifically
the authmethod is dynamic based upon the profile of the user.
I'm trying to simulate the same behavior in CAS without too much custom
programming (i.e. interception an auth request, checking the users LDAP
profile, then manipulating the login ID) etc etc.
One thing I thought of was if one could specify multiple authn handlers
for Radius in the vernacular of ldap, i.e. cas.authn.radius[]....and use
the radius suffix handlers to differentiate my RADIUS realms, without
the user knowing anything about what realm they technically are using.
Then I could simply specify the required authentication handler for a
users specific service URL.
Any idea if this is possible.
Thanks
Colin
I currently use my Radius infrastructure to handle multiple methods of
authentication by use of realms. However the real selections are
transparent the end users as I use various techniques to insert realm
identifiers into the users login ID on the fly. I.E. the user only ever
enters "bob" but behind the scenes the Radius server is presented with
"bob^(authmethod1)", "bob^(authmethod2)" etc etc, and more specifically
the authmethod is dynamic based upon the profile of the user.
I'm trying to simulate the same behavior in CAS without too much custom
programming (i.e. interception an auth request, checking the users LDAP
profile, then manipulating the login ID) etc etc.
One thing I thought of was if one could specify multiple authn handlers
for Radius in the vernacular of ldap, i.e. cas.authn.radius[]....and use
the radius suffix handlers to differentiate my RADIUS realms, without
the user knowing anything about what realm they technically are using.
Then I could simply specify the required authentication handler for a
users specific service URL.
Any idea if this is possible.
Thanks
Colin
Reply all
Reply to author
Forward
0 new messages